Berislav Kucan
NetBSD Releases a Batch of Security Advisories
With the release of NetBSD 1.6, the NetBSD project published a batch of Security Advisories (some of which are updates). * 2002-006 buffer overrun in libc/libresolv DNS …
Sophos Anti-Virus for Unix
In this review of Sophos Anti-Virus for Unix we take a look at its Linux version. The information that's provided here gives an overview of its functionality with main aspects …
OpenSSL Security Vulnerabilities Roundup
An OpenSSL Security Advisory issued on 30 July 2002 points to several security issues within OpenSSL. There are four remotely exploitable buffer overflows in OpenSSL. There …
Five Microsoft Security Bulletins Released
Microsoft was pretty active in the past few days – they released five security bulletins dealing with the following products: SQL Server 2000, Windows Media Player, …
PGP Outlook Encryption Plug-in Vulnerability
eEye staffers Marc Maiffret and Riley Hassell were again busy finding bugs, so a new advisory hit the “streets” today. This time, there is a remote …
OpenSSH Remote Vulnerability Roundup
In a recent discussion about the Apache Chunk Handling vulnerability, which consisted of many debates and rants on how the reporting was done, ISS mentioned that they found …
Apache Chunk Handling Roundup
Internet Security Systems and NGSSoftware found a security issue with chunk encoding in the popular Apache web server. The problems may lead to a remote compromise and denial …
Roundup on BIND Denial of Service
Short description (from Incidents.org Handler’s Diary): There is a Denial of Service vulnerability in ISC Bind (versions 9 up to 9.2.1). When this is exploited by a …
Corporate Security Overview: 04-11 June 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Security Advisories Week: 30 May – 6 June 2002
Title: Imap server buffer overflow Date: May 30 2002 Vendor: Mandrake Vulnerable systems: Mandrake Linux 7.1, 7.2, 8.1, 8.2, Corporate Server 1.0.1 Full advisory: Problem …
Corporate Security Overview: 28 May – 4 June 2002
A number of security companies send us their company press releases, which we republish in the press section of Help Net Security. This is an overview of interesting …
Backdoored dsniff, fragroute and fragrouter
In a recent hack of the irssi server, the attacker modified the configure script, which gave him shell access to any system that installed the backdoored irssi program. The same thing …